engineering project of venkata krishna

CHAPTER 1

INTRODUCTON

1.1 INTRODUCTION

There has been a great deal of hype for graphical passwords since two decade due to the

fact that primitive’s methods suffered from an innumerable number of attacks which could be

imposed easily. Here we will progress down the taxonomy of authentication methods. To start

with we focus on the most common computer authentication method that makes use of text

passwords. Despite the vulnerabilities, it’s the user natural tendency of the users that they will

always prefer to go for short passwords for ease of remembrance and also lack of awareness

about how attackers tend to attacks. Unfortunately, these passwords are broken mercilessly by

intruders by several simple means such as masquerading, Eaves dropping and other rude means

say dictionary attacks, shoulder surfing attacks, social engineering attacks .To mitigate the

problems with traditional methods, advanced methods have been proposed using graphical as

passwords .The idea of graphical passwords first described by Greg Blonder (1996). For

Blonder, graphical passwords have a predetermined image that the sequence and the tap regions

selected are interpreted as the graphical password. Since then, many other graphical password

schemes have been proposed. The desirable quality associated with graphical passwords is that

psychologically humans can remember graphical far better than text and hence is the best

alternative being proposed. There is a rapid and growing interest in graphical passwords for they

are more or infinite in numbers thus providing more resistance. The major goal of this work is to

reduce the guessing attacks as well as encouraging users to select more random, and difficult

passwords to guess.

Taxonomy of Authentication

In this depiction of current authentication methods Biometric based authentication

system’s techniques are proved to be expensive, slow and unreliable and hence not preferred by

many. Token based authentication system is high security and usability and Accessibility

1DEPARTMENT OF INFORMATION TECHNOLOGY SRKR ENGINEERING COLLEGE

compare then others. But is system employ knowledge based techniques to enhance security. But

the current knowledge based techniques are still immature. For instance, ATM cards always go

hand in hand with PIN number.

Fig 1.1: Taxonomy of Authentication

Taxonomy of Password Authentication Techniques

So the knowledge based techniques are the most wanted techniques to improve real high

security. Recognition based & recalls based are the two names by which graphical techniques

could be classified.


Summary

The rest of the project report is organized as follows: The Chapters from Chapter 2 to

Chapter 10 will provide the information about the Defenses against Large Scale Online Password

Guessing attacks by using Persuasive Click Points. The Chapter 2 will give survey on the

literatures which are more important in development of this project and in Chapter 3 gives the

disadvantages and the advantages of the existing and the proposed systems and also provide the

problem setup of the project .The Chapter 4 will provide all the necessary Requirements of

Functional and Non-Functional Requirements of Defenses against Large Scale Online Password

Guessing attacks by using Persuasive Click Points. In Chapter 5 the Architecture of the Defenses

against Large Scale Online Password Guessing attacks by using Persuasive Click Points and the

modules which are implemented in it are discussed. The designing of the system with all the

necessary UML diagrams are explained in Chapter 6. The Pseudo code is discussed in the

Chapter 7.Finally the testing is done with all possible test cases are described in Chapter 8.The

final conclusion and the references are followed in the preceding Chapters 9 and Chapter 10

Respectively


CHAPTER 2

LITERATURE SURVEY

2.1 Graphical Password Authentication Using Cued Click Points

We propose and examine the usability and security of Cued Click Points, a cued-recall

graphical password technique. Users click on one point per image for a sequence of images. The

next image is based on the previous click-point. We present the results of an initial user study

which revealed positive results. Performance was very good in terms of speed, accuracy, and

number of errors. Users preferred CCP to Pass Points, saying they thought that selecting and

remembering only one point per image was easier, and that seeing each image triggered their

memory of where the corresponding point was located. We also suggest that CCP provides

greater security than Pass Points because the number of images increases the workload for

attackers.

2.2 Reducing Shoulder-surfing by Using Gaze-based Password Entry

Shoulder-surfing – using direct observation techniques, such as looking over someone's

shoulder, to get passwords, PINs and other sensitive personal information – is a problem that has

been difficult to overcome. When a user enters information using a keyboard, mouse, touch

screen or any traditional input device, a malicious observer may be able to acquire the user’s

password credentials. We present Eye Password, a system that mitigates the issues of shoulder

surfing via a novel approach to user input.

With Eye Password, a user enters sensitive input by selecting from an on-screen keyboard

using only the orientation of their pupils, making eavesdropping by a malicious observer largely

impractical. We present a number of design choices and discuss their effect on usability and

security. We conducted user studies to evaluate the speed, accuracy and user acceptance of our

approach. Our results demonstrate that gaze-based password entry requires marginal additional

time over using a keyboard, error rates are similar to those of using a keyboard and subjects

preferred the gaze-based password entry approach over traditional methods.


2.3 Deja vu: A User Study Using Images for Authentication

Current secure systems suffer because they neglect the importance of human factors in

security. We address a fundamental weakness of knowledge-based authentication schemes,

which is the human limitation to remember secure passwords. Our approach to improve the

security of these systems relies on recognition-based, rather than recall-based authentication. We

examine the requirements of a recognition-based authentication system and propose Deja Vu,

which authenticates a user through her ability to recognize previously seen images. Deja Vu is

more reliable and easier to use than traditional recall-based schemes, which require the user to

precisely recall passwords or PINs. Furthermore, it has the advantage that it prevents users from

choosing weak passwords and makes it difficult to write down or share passwords with others.

2.4 Image Based Registration and Authentication System

Security-sensitive environments protect their resources against unauthorized access by

enforcing access control mechanisms. Text based passwords are not secure enough for such

applications. User authentication can be improved by using both text passwords and structured

images. Our image based registration and authentication system is called IBRAS. The system

developed displays an image or set of images to the user, who would then select one to identify

them. The system uses such image based passwords and integrates image registration and

notification interfaces. Image registration enables users to have their favorite image. The paper

will describe our experience and future work.

2

2.5 User interface design affects security Patterns in click-based graphical passwords

Design of the user interface incenses users and may en-courage either secure or insecure

behavior. Using data from four deferent but closely related click-based graphical password

studies, we show that user-selected passwords vary considerably in their predictability. Our

analysis looks at click-point patterns within passwords and shows that Pass Points passwords

follow distinct patterns. Surprisingly, these patterns occur independently of the background


image. Conversely, CCP and PCCP passwords are nearly indistinguishable from those of a

random dataset. These results provide insight on modeling effective password spaces and on how

user interface characteristics lead to more (or less) secure user behavior.


CHAPTER 3

PROBLEM DEFINITION

3.1 EXISTING SYSTEM

In existing system, password are mostly of text oriented .So the password can be broken

by intruders by masquerading ,brute force attack ,dictionary attack etc ,There are some

application existing with graphical passwords ,their major drawback is larger memory space.

Some have prone to shoulder surfing attack .In Cued Click Point ,the user have select click point

in five different images in sequence based on the previous image .The drawback of the concept is

it is difficult to remember the click points in different images.

Disadvantages

Although Pass Points is relatively usable, security weaknesses make passwords easier for

attackers to predict .Hotspots are areas of the image that have higher likelihood of being selected

by users as password click-points. Attackers who gain knowledge of these hotspots through

harvesting sample passwords can build attack dictionaries and more successfully guessPass

Points passwords. Users also tend to select their click-points in predictable patterns (e.g., straight

lines), which can also be exploited by attackers even without knowledge of the background

image; indeed, purely automated attacks against Pass Points based on image processing

techniques and spatial patterns are a threat

3.2 PROBLEM STATEMENT

Usable security has unique usability challenges because the need for security often means

that standard human-computer-interaction approaches cannot be directly applied. An important

usability goal for authentication systems is to support users in selecting better passwords. Users

often create memorable passwords that are easy for attackers to guess, but strong system-

assigned passwords are difficult for users to remember.


3.3 PROPOSED SYSTEM

In proposed system, we use a click-based graphical password system. During password

creation, there is a small view port area that is randomly positioned on the image. Users must

select a click-point within the view port. If they are unable or unwilling to select a point in the

current view port, they may press the Shuffle button to randomly reposition the view port. The

view port guides users to select more random passwords. Therefore this works encouraging users

to select more random, and difficult passwords to guess.

Advantages of proposed system

This systematic examination provides a comprehensive and integrated evaluation of

PCCP covering both usability and security issues, to advance understanding as is prudent before

practical deployment of new security mechanisms. Results show that PCCP is effective at

reducing hotspots (areas of the image where users are more likely to select click-points) and

avoiding patterns formed by click-points within a password, while still maintaining usability.


CHAPTER 4

SYSTEM ANALYSIS AND REQUIREMENTS

4.1 SOFTWARE REQUIREMENTS

o Operating System : Windows XP/7/8

o Application Server : NETBEANS

o Front End : JAVA, Swings

o Database : MYSQL

o Database Connectivity : JDBC

4.2 HARDWARE REQUIREMENTS

o Processor - Pentium –III, intel, amd

o Speed - 1.1 Ghz

o RAM - 256 MB(min)

o Hard Disk - 20 GB(min)


4.3 FUNCTIONAL REQUIREMENTS

1. It provides provision to the user to register.

2. It provides a provision to the user to select an image.

3. It provides a provision to the user to generate graphical password from selected image.

4. It provides a provision to the user to compare graphical password from input image for

login.

5. It provides a provision to Login user.

6. It provides a provision to the user to compare graphical password from input image for

user to make transactions.

7. It provides provision to user to make his transactions.

8. It provides provision for user to deposit.

9. It provides a provision for user to withdrawal.

10. It provides a provision for user to view transaction reports.

4.4 NON-FUNCTIONAL REQUIREMENTS

Non-Functional requirements describe user-visible aspects of the system that are not

directly related to functionality of the system.

a) User Interface

A menu interface has been provided to the client to be user friendly.

b) Documentation

The client is provided with an introductory help about the client interface and the

user documentation has been developed through help hyperlink.

c) Performance Constraints

Requests should be processed within no time.


Users should be authenticated for accessing the requested data.

d) Error Handling and Extreme Conditions

In case of User Error, the System should display a meaningful error message to

the user, such that the user can correct his Error.

The high level components in proposed system should handle exceptions that

occur while connecting to database server, IO Exceptions etc.

e) Quality Issues

Quality issues refer to how reliable, available and robust should the system be?

While developing the proposed system the developer must be able to guarantee the

reliability transactions so that they will be processed completely and accurately.

The ability of system to detect failures and recovery from those failures refers to the

availability of system. Robustness of system refers to the capability of system providing

information when concurrent users requesting for information.

f) Acceptance Criteria

The developer will have to demonstrate and show to the user that the system works

by testing with suitable test cases so that all conditions are satisfied.

4.5 FEASIBILITY STUDY

Three key considerations involved in the feasibility analysis are

Technical Feasibility

Economical Feasibility

Operational Feasibility


i) Technical Feasibility

The developed system have a modest requirement, as only minimal or null changes

are required for implementing this system. As all the Technical aspects are already

available.

ii) Economical Feasibility

The developed system is well within the budget and this was achieved because

most of the technologies used are freely available. Only the customized products had

been purchased.

iii) Social Feasibility

The Users level of confidence must be raised so that he is also able to make some

constructive criticism, which is welcomed, as he is the final user of the system


4.6 Use Case Analysis:

register new user

login

browse an image

create graphical password from image

compare image for graphical password

credit

debit

user

transcation history

Fig 4.1: Use Case Diagram for Persuasive click point

Use Case Description


In this first user must register by giving the details of user and then create the

graphical password from image.

If the user is already registered then browse the image and give the x,y values as

password for login.

Compare image for the graphical password verification.

If the user is a valid user then the transaction can be done like credit, debit,

transaction history.

Use Case Description Table

USECASE ACTOR STEPS DESCRIPTION1.REGISTRATION USER 1.Press the registration

2.Enter details of user

After completing to registration, all the details of user saved in database.

2. CREATE GRAPHICAL PASSWORD FROM IMAGE

USER 1.Press the Create password.

2.Enter the required X and Y co-ordinates.

After enter the co-ordinates, the corresponding values are stored in database.

3.BROWSE AN IMAGE

USER 1.We select an image from the Image database.2.Set the co-ordinate values

After Browse the image, corresponding co-ordinate values of Image are stored in database.

4.LOGIN USER 1.Press the login.2.Enter the username and password.

After enter the username &password, Admin check with username & pwd in database. if it same user login is successful.

5.COMPARE IMAGE FOR GRAPHICAL PASSWORD

ADMIN 1.Admin collect all details of password.2.Admin compare the user password and actual values of Image co-ordinates.

After comparing the graphical password, if I same successful for login.

6.CREDIT USER 1.Press the Credit button.2.Enter credit details.

After enter the all the details of credit, transactions are occurred successfully.


7.DEBIT USER 1.Select the debit.2.Enter the required amount to be withdraw.

After completing the debit, amount will be withdraw successfully.

Table 4.1: Use Case Analysis

CHAPTER 5

SYSTEM ARCHITECTURE

5.1 SYSTEM ARCHITECTURE DESCRIPTION

The project is about User authentication to the system with the implementation of the persuasive

click points. First of all, any User has register and the graphical password is given as the input to

the login process. The two images are compared for authenticating the user to the system, If any

error occurred then user must login to the system again, if there are no errors then the transaction

management will display the transaction details.


Fig 5.1: System Architecture

5.2 MODULES

The System Architecture consisting of four modules namely:

i. Registration

ii. Password Creation

iii. User Login

iv. Transaction management

i. Registration


In this Registration module user enter the all the details like his name, address of the

user ,mobile number and emailed .After enter the details, all details are stored in user

database.

These details are used for the Authentication in login process .So these details are

very important for the further process. So these details are securely stored in User

database.

In this Registration process, user has to choose his username.

ii. Password Creation

In this module, we have to create our own password with help of any image in the

Image Database .In this module, we create the password with help of X and Y co-

ordinate’s of window .So in this (X, Y) values are to be set in the picture.

These co-ordinate values are to be stored in admin database .In this we have to

develop no. of passwords based on the size of window ,nothing but it will depend on

no .of co-ordinate values .So guessing of Unauthorized user is very difficult and also easy

to remember the authorized party.

iii. User Login

In this module, user wants to login into the system .In this admin asks username and

password and then user enter the username and graphical password nothing but co-

ordinate values.

After enter the username and password, Admin checks the entered username &

password with Username, Password in database.

If both are same, then user has to login in system successfully .Otherwise go to

Registration process.

iv) Transaction Management:

In this Transaction Management module, we are testing weather system works

properly or not .In this, the system is linkup with Banking Transactions.


In this, user has to credit the money with help of our system and also debit the

money successfully.


CHAPTER 6

SYSTEM DESIGN

6.1 CLASS DIAGRAM

Login

Login()actionPerformed()main()

(from imageprocess)

selectpixel

i : int = 1user_name : String = UserRegister.Username_Text.getText()...name_text : String = UserRegister.Name_Text.getText()acc_text : String = UserRegister.AccNo_Text.getText()

selectpixel()actionPerformed()main()

(from imageprocess)

process

username : String = test.text1.getText()

process()actionPerformed()main()

(from imageprocess)

CompareImage

bytes[] : byte = null

CompareImage()actionPerformed()main()

(from imageprocess)

test

name : String = nullfile_name : String = null

test()main()

(from imageprocess)

UserRegister

dt : Date = new java.util.Date ()currentTime : String = sdf.format(dt)

UserRegister()main()actionPerformed()

(from imageprocess)

ImageProcess

main()

(from imageprocess)

datecheck

DATE_FORMAT_NOW : String = "dd-MM-yyyy HH:mm:ss"dt : Date = new java.util.Date ()currentTime : String = sdf.format(dt)

datecheck()main()

(from imageprocess)

Fig 6.1: Class diagram

Description of Class Diagram


: user : user

user interfaceuser interface registrationregistration insert imageinsert image create passwordcreate

passworddatabasedatabase message boxmessage box

1:user register()

1.1:enter user deatails()

1.1.1: check user regisration()

1.1.1.1: create password()

1.1.1.1.1: store data()

1.1.1.1.1.1: return status()

1.1.1.1.1.1.1: display message

The class diagram mainly consists of User Register ,Image Process and Data Check.

In the user registration, login process is used to verify the details which are correct if the

details given are invalid then the user must re-enter the valid details and compare the

image and test is done on it.

In the Image process, the pixel values are taken when the password is created and that

pixel values are used for retrieval of data from the data base.

In the Data Check, the data is verified that is where the intensity values of the co-

ordinates are equal or not.

6.2 SEQUENCE DIAGRAM

Fig 6.2: Sequence Diagrams for User Registration

Description of Sequence Diagram for User Registration


: user : user

user interface(ui)

user interface(ui)

loginlogin logim management

loginmanagement

compare graphical password

compare graphical password

cheak datacheck data message boxmessage box

1.1: login()

1.2: enter login details()

1.3: send data()

1.4: input image()

1.5: send user data

check data

return status

1.7: display message()

1.8: display message()

For this user need to enter the details and then the user details are been checked

internally.

Then User Create the password by giving the image as input.

Then the password and the details are stored in the database.

From the Database if we want any details then the status will be given to the user by

a message this message will be displayed.

Sequence Diagrams for User Login

Fig. 6.3: Sequence Diagrams for User Login

Description of Sequence Diagrams for User Login


After registration user must login by entering the login details. Then the data is send

to the login management.

User gives the image for comparing the graphical password then the data is send to

verification.

After verification the message is send to the login management and then the

message is send to the message box.

The message box will send the message to the user.

6.3 COLLABORATION DIAGRAM

:user user interface

:Registration

:insert mode

create pwd

:database:message

box

1: user register()

2: Enter user details

3: check user registration

4: create pwd

5: 1.1.1.1 store data

6: 1.1.1.1 return status

7: 1.1.1.1.1 display message

Fig 6.4 Collaboration Diagrams for User Registration

Collaboration Diagrams for User Registration


For this user need to enter the details and then the user details are been checked

internally.

Then User Create the password by giving the image as input.

Then the password and the details are stored in the database.

From the Database if we want any details then the status will be given to the user by a

message this message will be displayed

Collaboration Diagrams for User Login

5: send user data

:user :user interface :check

data

:masssage box

:login

:login management

:compare graphical pwd

6: check data

1: login()

2: enetr login details

7: return status

9: display message

3: send data

4: input data

8: display message

Fig 6.5: Collaboration Diagrams for User Login

Description of Sequence Diagrams for User Login:

After registration user must login by entering the login details. Then the data is send

to the login management.

User gives the image for comparing the graphical password then the data is send to

verification.


After verification the message is send to the login management and then the

message is send to the message box.

The message box will send the message to the user.

6.4 ACTIVITY DIAGRAM

User Login

Enter User Details

Login Failure

LoginSuccessfully

User Transactions

logout

valid DetailsInvalid Details

Fig 6.6: Activity Diagram of Persuasive click points

Description of Activity Diagram

In this first the user must login by giving the details.

If the details are invalid then the login fails then the user must re-enter the details.

If the details are valid then the login process is successful then the user transactions

can be done.


6.5 STATE CHART DIAGRAM

State Chat diagram for User Login

user registration

enter user details

create graphical password

login transactions

depositwithdraw

logout

Fig 6.7: State Chart diagram for User Login


Description of State Chart diagram for User Login

In this first user must register by giving the details of user and then create the

graphical password from image.

If the user is already registered then browse the image and give the x,y values as

password for login.

Compare image for the graphical password verification.

If the user is a valid user then the transaction can be done like credit, debit,

transaction history

State chart diagram for login:

user login

enter user details

login successfully

login failure valid detailsinvalid details

user transactions

logout

Fig 6.8: State chart diagram for login


Description of State Chart diagram for login

In this first the user must login by giving the details.

If the details are invalid then the login fails then the user must re-enter the details.

If the details are valid then the login process is successful then the user transactions

can be done.

6.6 COMPONENT DIAGRAM

DEFENCE AGAINST INE PASSWORD GUESSING ATTACKS BY USING PERSUASIVE CLICK POINTS

USER REGISTRATION

GRAPHICAL PASSWORD

LOGIN MANAGEMENT

TRANSACTION MANAGEMENT

Fig 6.9: Component Diagram of Persuasive click points

Defenses against Large Scale Online Password Guessing Attacks by Persuasive Click Points

consists of four components

User Registration

Graphical Password

Login Management

Transactions Management


6.7 DEPLOYMENT DIAGRAM

MYSQL

user interface

Defence againist largescale online passw...

SWINGS

JDK1.6

DATABAES

IMAGE

Fig 6.10: Deployment Diagram of Persuasive click points

Description of Deployment Diagram:

Deployment Diagram consisting of following objects.

User Interface

Defense against large scale online password guessing attack by using Persuasive click

points.

o Swings

o JDK1.6

Database

o My Sql

o image

In this system initially user interact with the Defense against large Scale online password

system .In this swings and JDK 1.6 are sub parts of this system and this is link with the

Database consisting of my sql and Image database.


Image

Accno

Balance Address

PixelNew User

Name

has1 1

Name Password

Image

Path value

1

Name

Path

Image

6.8 ER DIAGRAM

Fig 6.11: ER Diagram of Persuasive click points

Explanation for ER Diagram

The Database is designed keeping in mind all the functional requirements of the

System. There are several attributes for every entity in an ER Diagram .Here New User

and Pixel are the entities and there is the relation between them.

For the New User entity there are attributes are name, user name, account number,

guardian, address, balance, Image and in the pixel entity there are attributes like name of

the image and the password.


Guardian

Use Name

DATA DICTIONARY

The database used for the system consists of five tables, The first one is the user details

table in which the entire details about the user are stored and second one is the address table

consists the address of the user. The table upload data consists of the data under categories, from

this table the entire operation of the system is based and the login master table handles the details

of each login of the user. And finally the Category Info table consists of the type of Data stored

in the Data Base.

1. New User Table

Table 6.1: New User Table

2. Pixel Table


Field name Data type Description

User name Varchar2 Name of the user in the login

Name Varchar2 Name of the user

Balance Number Balance amount

Address Varchar2 Address of the user

Image Jpg Image password

Guardian Varchar2 Guardian to the user

Accno number Account number of the user




Password number password of the user

Table 6.2: Pixel Table

3. Path value

Table 6.3: Path value table





Path Varchar2 Path value

CHAPTER 7

SYSTEM IMPLEMENTATION

7.1 ALGORITHMS

Persuasive click points

The implementation of the persuasive click point’s algorithm is of at most importance for

the exact User authentication to happen, The algorithm for the persuasive click points includes

two phases i.e., firstly during the registration of the passwords and during the login process.

Registration process

The User should register in to the system, before he can use the system for secure login.

Step 1: The image is to uploaded which the user wants to use as his password.

Step 2: There is a small view port area that is randomly positioned on the image, Users must

select a click-point within the view port.

Step 3: If they cannot or unwilling

then

they may press the shuffle button to randomly reposition the view port.

The click points must be selected in such a way that there is less chances of inclusion of

hotspots.

Login process

After the registration in to the system the, User wants to enter the system to view his

personal data.

Step 1: The User uploads the image, which he has selected as his password image.

Step 2: The User should select the click points in the order in which he has done during the

registration process.

Step 3: if any problem, then retry for a limited no of times

Or the account is blocked


else the account is opened

7.2 PSEUDO CODE

The main action performed in the system is to compare the image that is given as an input.

Image Comparision

if(ae.getSource()==upload)

{

Connection connection = null;

PreparedStatement psmnt = null;

FileInputStream fis;

String filename=filenametext.getText();

String name=nametext.getText();

String password=passwordtext.getText();

try

{

Class.forName("com.mysql.jdbc.Driver")

connection = DriverManager.getConnection("jdbc:mysql://localhost/image","root","");

File image = new File(filename);

psmnt = connection.prepareStatement ("insert into pixelvalue values(?,?,?)");

psmnt.setString(1,name);

psmnt.setString(2,filename);

fis = new FileInputStream(image);

psmnt.setBinaryStream(3, (InputStream)fis, (int)(image.length()));

int s = psmnt.executeUpdate();

}


catch(Exception ee)

{

}

}

else if(ae.getSource()==Compare)

{


try

{

File file=new File(filename);

BufferedImage image=ImageIO.read(file);

ImageIcon icon=new ImageIcon(image);

picture.setIcon(icon);

}

catch(Exception ee)

{

}

}

else if(ae.getSource()==Browse)

{

JFileChooser chooser = new JFileChooser();

try {

File f = new File(new File("filename.txt").getCanonicalPath());

chooser.setSelectedFile(f);

}

catch (IOException e1)

{

}

int retval = chooser.showOpenDialog(Browse);

if (retval == JFileChooser.APPROVE_OPTION){

File field = chooser.getSelectedFile();


filenametext.setText(field.getAbsolutePath());

}

else if(ae.getSource()==viewport)

{

System.out.println("aa");

}


CHAPTER 8

TESTING

8.1 Test Cases

Test case1

Input: The details of the User

Expected Output: The successful registration

Observed Output: same as expected as shown in the Fig 8.1

Fig 8.1: User registration form


Test case 2

Input: The Image which is to be used as password and click points

Expected Output: The successful creation of password


Fig 8.2: Graphical Password Creation of User


Test case 3

Input: The Image used as a password and click points

Expected Output: unsuccessful login


Fig.8.3: Graphical password given is wrong


Test case 4

Input: The Image used as a password and click points

Expected Output: successful login


Fig 8.4: Authentication of the User using image password

Test Cases Report


Test

Case

ID

Test Case Procedure Expecting

behavior

Exhibiting

behavior

Result

1

User to

register.

User has to select ‘New

User’ option and enter the

details of user.

User has to be

registered if the

entered details are

true else return

error message.

New user is

registered. Pass

2 User to insert

an image.

User has to the Browse

option and select the

required image as input.

User has to browse

an image.

User selected an

image.

Pass

3 User to Create

Graphical

Password.

User has to select ‘create

Password’ option and

browse a graphical image to

create graphical password.

User has to create

Graphical

password.

User is created

Graphical

password.Pass

4 User to

compare

images.

User has to select an image

as input to compare

Graphical password to

match.

User has to insert

an image.

User inserted an

image.

Pass

5 User to get

Login.

User has to select

‘registered user’ option and

enter the login details.

User has to login if

the entered login

details are true else

return error display

message.

User is logged

in. Pass

6 User to

deposit.

User has to select ‘deposit’

option and transact the

amount.

User has to be

deposited.

User got

deposited. Pass

7 User to User has to select User has to be User is Pass


withdrawal. ‘withdrawal’ option and

transact the amount.

withdrawal. withdrawn

amount.

8 User to view

transaction

reports.

User has to select

‘transaction Report’ and

enter the password details.

User has to view

the transaction

reports if entered

details are true else

return error

message.

User viewed the

transaction

reports.

Pass

Table 8.1: Test Case Report

CHAPTER 9

CONCLUSION


A major advantage of Persuasive Cued Click Point scheme is its large password space

over alphanumeric passwords. There is a growing interest for Graphical passwords since they are

better than Text based passwords, although the main argument for graphical passwords is people

are better at memorizing graphical passwords than text-based passwords .Online Password

guessing attacks on password-only systems have been observed for decades Present-day

attackers targeting such systems are empowered by having control of thousand to million node

battens.

In previous ATT-based login protocols, there exists a security-usability trade-off with

respect to the number of free failed login attempts (i.e., with no ATTs) versus user login

convenience (e.g., less ATTs and other requirements). In contrast, PGRP is more restrictive

against brute force and dictionary attacks while safely allowing a large number of free failed

attempts for legitimate users. PGRP is apparently more effective in preventing password

guessing attacks (without answering ATT challenges), it also offers more convenient login

experience, e.g., fewer ATT challenges for legitimate users. PGRP appears suitable for

organizations of both small and large number of user accounts.

FUTURE ENHANCEMENT

A major advantage of Persuasive cued click point scheme is its large password

space over alphanumeric passwords. There is a growing interest for Graphical passwords

since they are better than Text based passwords, although the main argument for graphical

passwords is that people are better at memorizing graphical passwords than text-based

passwords. Online password guessing attacks on password-only systems have been observed

for decades. Present-day attacker stargazing such systems are empowered by having control

of thousand to million node bonnets. In previous ATT-based login protocols, there exists a

security-usability trade-off with respect to the number of free failed login attempts (i.e., with no

ATTs) versus user login convenience (e.g., less ATTs and other requirements). In contrast,

PGRP is more restrictive against brute force and dictionary attacks while safely allowing a large

number of free failed attempts for legitimate users. PGRP is apparently more effective in


preventing password guessing attacks (without answering ATT challenges), it also offers

more convenient login experience, e.g., fewer ATT challenges for legitimate users. PGRP

appears suitable for organizations of both small and large number of user accounts.

CHAPTER-10

REFERENCES & BIBLIOGRAPHY


REFERENCES

[1]. Sonia Chiasson, P.C. van Oorschot, and Robert Biddle, “Graphical Password Authentication

Using Cued Click Points” ESORICS, LNCS 4734, pp.359-374,Springer- Verlag Berlin

Heidelberg 2007.

[2]. Zhi Li, Qibin Sun, Yong Lian, and D. D. Giusto, „An association-based graphical password

design resistant to shoulder surfing attack‟, International Conference on Multimedia and Expo

(ICME), IEEE.2005

[3]. R. Dhamija and A. Perrig, "Deja Vu: A User Study Using Images for Authentication," in

Proceedings of9th USENIX Security Symposium, 2000.

[4]. S. Akula and V. Devisetty, "Image Based Registration and Authentication System," in

Proceedings of Midwest Instruction and Computing Symposium, 2004.

[5]. L. Sobrado and J.-C. Birget, "Graphical passwords," The Rutgers Scholar, An Electronic

Bulletin for Undergraduate Research, vol. 4, 2002.

[6]. I. Jermyn, A. Mayer, F. Mon rose, M. K. Reiter, and A.D. Rubin, "The Design and Analysis

of Graphical Passwords," in Proceedings of the 8th USENIX Security Symposium, 1999.


BIBLIOGRAPHY

1. www.javatpoint.com/corejava

2. www.mysql.com

3. www.w3schools.in

4. www.wikepedia.com

5. www.google.com

APPENDIX-A


http://www.google.com/

http://www.wikepedia.com/

http://www.w3schools.in/

http://www.mysql.com/

http://www.javatpoint.com/corejava

OUTPUT SCREENS

Fig A.1: User Interface to Apply Graphical Password on Banking Application


Fig A.2: User registration form


Fig A.3: Graphical Password Creation of User


Fig A.4: Authentication of the User using image password.


Fig A.5: Deposit form of User


Fig A.6: Withdraw form for User.


Fig A.7: Transaction History of the User


APPENDIX-B

SOURCE CODE

package imageprocess;

import java.awt.*;

import java.awt.event.*;

import java.awt.geom.Area;

import java.awt.geom.Path2D;

import java.awt.image.BufferedImage;

import java.io.ByteArrayOutputStream;

import java.io.File;

import java.io.FileInputStream;

import java.io.IOException;

import java.io.InputStream;

import java.sql.*;

import java.sql.DriverManager;

import java.util.Random;

import javax.imageio.ImageIO;

import javax.swing.*;

public class CompareImage extends JFrame implements ActionListener

{

JPanel panel=new JPanel();

Container c;

static JLabel picture=new JLabel();

JLabel name=new JLabel("Name");

JLabel password=new JLabel("Password");

JLabel filename=new JLabel("FileName");

JTextField nametext=new JTextField();

JTextField passwordtext=new JTextField();

JTextField filenametext=new JTextField();

JButton upload=new JButton("Upload");


JButton Compare=new JButton("Display");

JButton Browse=new JButton("Browse");

JButton viewport=new JButton("Viewport");

static ImageIcon icon;

File file;

BufferedImage image;

static Image pic;

static byte[] bytes = null;

CompareImage() throws IOException

{

c=(JPanel)getContentPane();

c.setLayout(null);

c.setBackground(Color.WHITE);

picture.setBounds(50,100,400,325);

filename.setBounds(600,100,100,30);

filenametext.setBounds(720,100,300,30);

name.setBounds(600,150,100,30);

password.setBounds(600,200,100,30);

nametext.setBounds(720,150,100,30);

passwordtext.setBounds(720,200,100,30);

Browse.setBounds(530,400,100,20);

upload.setBounds(650,400,100,20);

Compare.setBounds(770,400,100,20);

viewport.setBounds(770,450,100,20);

c.add(picture);

c.add(filename);

c.add(filenametext);

c.add(name);

c.add(nametext);

c.add(password);

c.add(passwordtext);


c.add(viewport);

c.add(upload);

c.add(Compare);

c.add(Browse);

viewport.addActionListener(this);

upload.addActionListener(this);

Compare.addActionListener(this);

Browse.addActionListener(this);

}

public void actionPerformed(ActionEvent ae)

{

if(ae.getSource()==upload)

{

Connection connection = null;

PreparedStatement psmnt = null;

FileInputStream fis;


String name=nametext.getText();

String password=passwordtext.getText();

try

{

Class.forName("com.mysql.jdbc.Driver")

connection = DriverManager.getConnection("jdbc:mysql://localhost/image","root","");

File image = new File(filename);

psmnt = connection.prepareStatement ("insert into pixelvalue values(?,?,?)");

psmnt.setString(1,name);

psmnt.setString(2,filename);


fis = new FileInputStream(image);

psmnt.setBinaryStream(3, (InputStream)fis, (int)(image.length()));

int s = psmnt.executeUpdate();

}

catch(Exception ee)

{

}

}

else if(ae.getSource()==Compare)

{


try

{

File file=new File(filename);

BufferedImage image=ImageIO.read(file);

ImageIcon icon=new ImageIcon(image);

picture.setIcon(icon);

}

catch(Exception ee)

{

}

}

else if(ae.getSource()==Browse)

{

JFileChooser chooser = new JFileChooser();

try {


File f = new File(new File("filename.txt").getCanonicalPath());

chooser.setSelectedFile(f);

}

catch (IOException e1)

{

}

int retval = chooser.showOpenDialog(Browse);

if (retval == JFileChooser.APPROVE_OPTION){

File field = chooser.getSelectedFile();

filenametext.setText(field.getAbsolutePath());

}

else if(ae.getSource()==viewport)

{

System.out.println("aa");

}

} }

public static void main(String[] arg) throws IOException

{

JFrame pixel=new CompareImage();

pixel.setSize(1000,700);

pixel.setVisible(true);

pixel.setLocationRelativeTo(null);

}

}
